getting rid of blowfishes
Sun, 30 Apr 2000 16:45:01 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 30 Apr 2000, Werner Koch wrote:
> On Thu, 27 Apr 2000, Pete Chown wrote:
> > I thought GnuPG now avoided all the known problems with ElGamal
> > signing. Is this not the case?
> ElGamal S+E keys are fully OpenPGP compatible and GnuPG avoids the
> problems. I don't suggest to use them, however some folks feel like
> it is a good idea to have a fallback algorithm.
I didn't mean to sound like I was saying it wasn't OpenPGP compatable. I
just don't think it is advisable to use them, as you say. Having a fall
back algorithm is a good idea... I just worry that people see it and
decide to use it, not knowing any of the issues involved.
> Blowfish is a well respected algorithm and has been used by the first
> PGP 5 version. It is faster than CAST-5 and OpenPGP compatible.
> Twofish is not yet OpenPGP and not in wide use mainly because NAI
> refused to accept most OpenGPG WG suggestions because they don't want
> to implement it in their product.
Well, let's not be so harsh with the suppositions here. I think you will
be pleasantly surprised with 7.0.
> GnuPG is not PGP nor an NAI product but an OpenPGP implementation; so
> there is no reason to head for PGP x.x compatibilty. NAI is selling a
> proprietary product - GnuPG is free software. The GNU project is
> doing software to create a free operating system and not to compete
> with proprietary products. If NAI wants to be compatible to GnuPG,
> they should fix PGP: I guess they have far more developers than we.
I have to disagree slightly with this. I think it is important for both
the PGP developers and the GnuPG developers to strive for compatability
with each other's product. Fragmenting the OpenPGP community is not a good
thing, for anyone involved.
System Administrator |
Technology Consultant | "To hold a pen is to be at war."
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi | --Voltaire
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
-----END PGP SIGNATURE-----